Facebook bug exposed photos from up to 6.8 million users to third-party apps, the company disclosed Friday. The exposed photos include those that users never finished sharing to the site, Facebook said.
The disclosure is one of several privacy breaches the company has shared over the past year. In March, reports from the New York Times and the Guardian shed light on how Cambridge Analytica used data on Facebook users to influence the 2016 U.S. presidential election. In September, it announced a security breach that affected up to 50 million users and sent its stock price plunging more than 2.5 percent.
Facebook said that photos that had yet to be shared could have been accessed by apps that users gave permission to access their Facebook photos. Facebook said these photos could be accessed because the platform stores a copy of photos that users do not finish sharing on their profile after uploading. Facebook said the bug in its photo API affected a 12 day window between Sept. 13 and Sept. 25 and gave access to up to 1,500 apps built by 876 developers.
Facebook said it will alert users who may have been impacted by the breach through a notice on its platform that will show them how to see if apps they use were affected. The company also advises users log into apps they believe they granted access to Facebook photos to see which photos they have accessed.
“We’re sorry this happened,” Facebook said in the post on its developers blog written by Tomer Bar, an engineering director at the company. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
This is a developing story. Check back for updates.
